Privacy Policy
Last updated: April 26, 2026
This Privacy Policy explains what information CertForged (“we”, “us”, “CertForged”) collects when you use our website at certforged.com and related services (the “Service”), how we use it, and the choices you have.
1. Information We Collect
Account information
When you create an account, we collect your name, email address, and a hashed password. If you sign in via GitHub or Google, we receive your name, email, and profile picture from that provider.
Study activity
We store your study progress, mastery state, exam attempts, and preferences so you can resume across devices. This data is tied to your account and stored on our servers.
Payment information
Payments are processed by Stripe. We never see or store your full card details. We store the Stripe customer ID, subscription state, and invoice metadata returned by Stripe.
Technical data
We collect basic request metadata (IP address, browser type, pages visited) to detect abuse and operate the Service. We use Sentry for error monitoring; only users who consent to analytics cookies have their errors sent to Sentry.
2. How We Use Your Information
- To provide, maintain, and improve the Service.
- To authenticate you and sync your progress.
- To process payments and send invoices.
- To send transactional emails (verification, password reset, receipts).
- To respond to support requests.
- To detect and prevent abuse, fraud, or security incidents.
3. Sharing
We do not sell your personal information. We share data only with service providers who process it on our behalf:
- Stripe (payment processing)
- Resend (transactional email delivery)
- Vercel (hosting)
- Neon (database hosting)
- Sentry (error monitoring, only if consented)
- Upstash (rate-limit storage)
We may disclose information if required by law or subpoena, or to protect our rights.
4. Cookies
We use cookies that are strictly necessary to keep you signed in. Optional analytics cookies (Sentry) are only set if you accept them in our cookie banner. You can change your preferences at any time.
5. Data Retention
We keep account data for as long as your account is active. When you delete your account, we delete your personal data within 30 days, except where we are legally required to retain it (e.g., invoice records for tax purposes).
6. Your Rights
Depending on where you live (EU/UK GDPR, California CCPA, or similar), you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. You can:
- Export all your data from Profile → Export My Data
- Permanently delete your account from Profile → Danger Zone
- Email support@certforged.com for any other requests
7. Security
We use industry-standard practices: TLS in transit, hashed passwords (bcrypt), least-privilege access, and audited dependencies. No Internet service is perfectly secure; we cannot guarantee absolute security.
8. Children
The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13.
9. International Users
Our infrastructure runs in the United States. By using the Service you consent to the transfer of your data to the U.S.
10. Changes
We may update this Policy occasionally. Material changes will be announced via email or an in-app notice. The “Last updated” date at the top reflects the current version.
11. Contact
Questions about this Policy? Email support@certforged.com.